[cryptography] Question About Best Practices for Personal File Encryption

Ryan Carboni ryacko at gmail.com
Sun Aug 17 14:39:53 EDT 2014


Or in the case of OpenSSL, no one notices the backdoor as it is
indistinguishable from an obscure programming error.


On Sun, Aug 17, 2014 at 5:01 AM, ianG <iang at iang.org> wrote:

> On 17/08/2014 05:09 am, Jeffrey Goldberg wrote:
> > On 2014-08-16, at 4:51 PM, David I. Emery <die at dieconsulting.com> wrote:
>
> > I do think, however, that if there are such backdoors, it would have
> > to be known to only a very small number of people. Too many of the people
> > who work on Apple security would blow the whistle. So it would have to
> > be introduced in such a way that most of the people who actually develop
> > these tools are unaware of the backdoors. It’s certainly possible, but
> > it does shift balance of plausibility.
>
> Right.  As I understand it, the standard way that this is done is to
> create a special features group in another closely-allied country.  That
> group secures permission from HQ to do some rework for their "special
> national needs."
>
> That group then inserts in the backdoor, then ships the entire patch off
> to HQ.  Unless the center is reviewing for obfuscated tricks from a
> trusted partner, the backdoor slides in, and nobody knows it is there.
>
>
>
> iang
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140817/3129170a/attachment-0001.html>


More information about the cryptography mailing list